BE TRANSPARENT

Give users the ability to make informed choices.

The first step in establishing and maintaining a trust-based relationship with your users is giving them the information they need to make informed decisions. Doing so not only helps prevent surprises that can lead to backlash, it can also build loyalty among your current users and help you recruit new ones.

Many privacy fiascos are triggered when users are unpleasantly surprised to learn how a service actually works and how their personal data has been or could be collected and used. You can help avoid surprises that will lead to user backlash by making your privacy practices accessible and easy to understand. Having short-form privacy policies for mobile, Frequently Asked Questions pages, and visual ways of communicating like videos and graphs can also help your users understand your privacy practices.

Search engine DuckDuckGo reaped the benefits of having clear and privacy-friendly policies written in understandable English. Its privacy policy starts with a clear statement that “DuckDuckGo does not collect or share personal information,” followed by an explanation about why users “should care.” This policy has been highlighted by the press, helping the company experience a 600 percent increase in traffic in the wake of the 2013 NSA revelations.

Lookout, a mobile privacy and security startup, attracted lots of positive attention for building a tool to help mobile apps produce short-form privacy policies. The company decided to build and release the tool after receiving positive feedback for its own mobile-friendly policy. Lookout was lauded for taking “major steps to empower consumers” that “could change the game on mobile app transparency.”

Because many users are particularly concerned about how and whether their data is shared with third parties, making sure that your users understand your data-sharing practices is essential to earn their trust and avoid misunderstandings or backlash. Make it easy for users to understand who can view or access their information, how it can be used, and how your company ensures that it is not misused.

Lenovo was lambasted in the press after security researchers revealed that the PC-maker was selling computers secretly preinstalled with “nefarious” adware that not only collected information about users’ online activity but also made encrypted web sessions vulnerable to attacks. The adware, from a company called Superfish, posed a sufficiently serious threat that the Department of Homeland Security warned Lenovo customers to remove it immediately. Lenovo’s actions not only damaged its reputation, but also exposed it to a class action lawsuit for “compromising user security and privacy.”

80% of survey respondents wanted more regulations to prevent organizations from re-purposing personal data for third party use (2014).

FOLLOW YOUR PRIVACY POLICY.

Your privacy policy is a contract with your users. Failing to live up to your privacy promises may not only anger users but also result in fines and lawsuits. Make sure that your privacy policy is accurate and that everyone who has access to personal data understands and complies with it.

Snapchat was punished by the FTC for misrepresenting its security and privacy practices, including its fundamental promise that photos and videos “disappear forever” after being viewed. The FTC also accused Snapchat of collecting user geolocation data and data from user address books despite promising not to do so in its privacy policy. As part of its settlement with the FTC, Snapchat was forced to agree to independent oversight of its privacy program for 20 years.

It is more likely that users will embrace new or improved functionality or changes to your privacy practices if they are not surprised. Prominently disclosing meaningful changes in the way your product or service collects data, giving users the opportunity to provide input and express concerns, and obtaining opt-in consent can help prevent controversies for your company.

In early 2011, online marketplace Etsy suffered a “social media DIY-saster” after making shoppers’ feedback posts, purchases, and, in some cases, real names publicly visible and searchable without adequately notifying users. Because the company announced the change only on a forum rarely used by buyers, it was accused of refusing to take its users’ privacy concerns seriously, leading the incident to be described as “Etsy’s privacy Valdez.” The online marketplace has since changed its default privacy settings, apologized for its behavior, and acknowledged that it will have to “work hard to regain your trust.” For many users, however, this may have been the “last straw.”